Overview

overview

10

Static

static

6b8579744d...6e.exe

windows7_x64

10

6b8579744d...6e.exe

windows10-2004_x64

10

Analysis

  • max time kernel
    119s
  • max time network
    130s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    19-01-2022 10:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6b8579744d4f9a2200a1e090181e4d6e.exe

  • Size

    409KB

  • MD5

    6b8579744d4f9a2200a1e090181e4d6e

  • SHA1

    130a983fc16bdcb13b4a119a30e0162304f540f0

  • SHA256

    558e3327ff438b57d187561ff840813f5087392a0bcbd26c918645d9dde26f19

  • SHA512

    aa8078e1ff3a13f317acb9766ccb1ce03f7285f78431988710691cb2c3a590adbd0f97a8ccb88f77c180c8f31585aef118d0a60d6e247dbf02cb38e4bbad8e8e

Score
10/10
redlinetestingdiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

redline

Botnet

Testing

C2

185.215.113.10:39759

Signatures

  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6b8579744d4f9a2200a1e090181e4d6e.exe
    "C:\Users\Admin\AppData\Local\Temp\6b8579744d4f9a2200a1e090181e4d6e.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1688

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

2
T1081

Discovery

Query Registry

1
T1012

Lateral Movement

Collection

Data from Local System

2
T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1688-55-0x0000000000250000-0x0000000000289000-memory.dmp
    Filesize

    228KB

    Download
  • memory/1688-54-0x0000000000220000-0x000000000024B000-memory.dmp
    Filesize

    172KB

    Download
  • memory/1688-56-0x0000000000400000-0x000000000046D000-memory.dmp
    Filesize

    436KB

    Download
  • memory/1688-57-0x0000000002010000-0x0000000002044000-memory.dmp
    Filesize

    208KB

    Download
  • memory/1688-58-0x00000000021A0000-0x00000000021D2000-memory.dmp
    Filesize

    200KB

    Download
  • memory/1688-60-0x0000000004952000-0x0000000004953000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1688-59-0x0000000004951000-0x0000000004952000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1688-61-0x0000000004953000-0x0000000004954000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1688-62-0x0000000076151000-0x0000000076153000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1688-63-0x0000000004954000-0x0000000004956000-memory.dmp
    Filesize

    8KB

    Download